A Secure Distributed Storage System Based On AONT And Erasure Coding

In order to deal with geographical restrictions and to overcome single point of failure,distributed storage is introduced.Distributed storage uses the space on each computer through the network and integrates the decentralized space into one to provide virtual storage services.Distributed storage has been widely used in big data and cloud computing by enterprises.Due to that the abilities and skills of attackers are becoming more powerful and application scenarios has become more complex,people have put higher requirements on data security in distributed storage.In this study,we propose a secure efficient distributed storage scheme SAONT-RS based on an SAONT proposed by us and RS erasure code.And then,we develop and implement a secure and efficient distributed storage system.Firstly,for the purposes of supporting node data security and implementing the encryption efficiently of big data,we analyze IDA and AONT algorithms.And then,in the review of AONT-RS and RAONT-RS,find that there are three security vulnerabilities.To deal with the vulnerabilities,we propose a secure efficient distributed storage scheme SAONT-RS based on an SAONT proposed by us and RS erasure code.Finally,based on the HDFS storage framework,we design and implement a secure distributed storage system based on HDFS.The main contributions of this paper are summarized as follows:(1)Present the state-of-art of distributed storage in detail,summarize the current research status of security problem in distributed storage system.(2)Introduce the technologies of secure distributed storage approach,such as Shamir secret sharing scheme,IDA algorithm,AONT algorithm and erasure coding technology.(3)Propose a secure efficient distributed storage scheme SAONT-RS based on an SAONT proposed by us and RS erasure code.Analyze the classical AONT-RS and RAONT-RS and find that there are exist three security vulnerabilities.SAONT-RS calculates a 512-bit hash value using SHA-3 function and expands the random key to the length of hash value to address the short-plaintext attack and to achieve node data confidentiality in the distribution phase.It uses SHA-3 to verify the integrity of node data at the beginning of reconstruction phase,and RS erasure code to recover the damaged data correctly and to prevent the Dos attack.(4)Analyze the secure efficient distributed storage approach SAONT-RS from confidentiality,anti-short plaintext attack,recoverability and integrity aspects,and make the evaluations on efficiency and storage.The results show that SAONT-RS achieves node data confidentiality,recoverability,integrity,anti-short plaintext attack,and good efficiency in distributed storage.(5)On the basis of SAONT-RS,we design a three-tier storage model and implement a HDFS-based distributed storage prototype system.The user access layer adopts B/S structure and transmits data through SSL protocol.The data management layer uses C ++ language to develop and implement SAONT-RS.The storage layer follows the master/slave mode of HDFS,and combines SAONT-RS to improve the high security of HDFS node data.(6)Build and deploy the test environment,develop SAONT-RS system to carry out the practical experiments.Using the black box test method to test system performance,coding and experimental methods to test system function.The test results show that SAONT-RS system basically satisfies the design requirements.